Microsoft releases details on Vista activation

Almost a year to the day after releasing Windows Vista to manufacturing, Microsoft has finally released a document outlining some of the technical details behind Vista's product activation. Most of the information merely confirms what Windows experts already knew, but one detail is surprising: For the first time, Microsoft has confirmed that it limits the number of times a system can be reactivated over the Internet. I've got the details.

For nearly a year, Microsoft has refused to release technical details of the changes it made to its Product Activation technology in Windows Vista. The company was more than willing to speak in broad terms about the program and how it works, but it kept the details confidential, classifying them as trade secrets.

Until last week, that is. A newly released Technical Market Bulletin entitled Product Activation for Windows Vista and Windows Server 2008 unexpectedly appeared on Microsoft's Download Center last week. Curiously, the document was dated September 2007, but the Date Published field indicates that it was kicking around internally for more than a month before being officially released.

Historically, the underlying principle of Product Activation has been simple: You can reinstall Windows on the original hardware as many times as you like and activate it automatically over the Internet. You need to reactivate over the phone if the hardware is substantially changed. That's been the hard-and-fast rule for more than six years.

With that history in mind, I was surprised (to put it mildly) when I read this sentence on the next-to-last page of the Vista activation bulletin:

Reinstallation of Windows Vista or Windows Server 2008 on the same or similar hardware and a subsequent reactivation can be accomplished five times.

If that's true, it's a major change in policy for Microsoft. I went back through all my notes and records looking for any indication that this policy has been announced previously and found nothing. So I contacted Microsoft to get an explanation and got an impressively rapid response from Alex Kochis, Senior Product Manager in the Windows Genuine Advantage (WGA) group. His blunt response: "There has been no meaningful policy change. We need to correct that paper."

The new activation document, it turns out, is missing some crucial details. A more complete description of the actual activation policy is found at the bottom of Microsoft's Windows Vista Activation FAQ:

How many times can I activate Windows Vista?

Windows can be activated any number of times, but your re-activation experience will vary based on the way you acquired Windows.

If you acquired Windows Vista via retail purchase (boxed product), you may activate via the Internet the first five times. Subsequent activations are allowed but must be completed via telephone.

If you acquire Windows Vista pre-installed on a computer, re-installation would not require additional activation steps unless significant hardware changes were made.

And even that description, Kochis explains, is potentially misleading. The policy allowing five automatic activations over the Internet has been in place for the past year, but it's subject to change at any time. The real goal, it turns out, is to block hackers who try to spoof parts of the hardware ID so that multiple systems can appear identical when they check in with Microsoft's activation servers. In that scenario, the server logs for a single product ID might show hundreds or even thousands of activation requests, leading to a requirement that the system be activated over the phone. In that scenario, a customer service representative can confirm that the activation request is legitimate.

For systems sold from large manufacturers (Dell, HP, Sony, and the like), activation is accomplished using a separate check called OEM Activation 2.0. If you reinstall Windows using the original media, activation should never be required unless the motherboard is replaced with one from a different manufacturer. The limit of five reactivations should only apply to retail copies, and then it will likely affect only hard core enthusiasts who repeatedly reinstall and attempt to reactivate retail copies.

If you fall into the latter category, here are three pieces of advice to avoid being bitten by activation hassles:

1. Take advantage of the initial 30-day grace period before activating. Delay activation until you're satisfied that all hardware and software are working as you intended.

2. Use an image backup program like Vista's Complete PC Backup (found in the Business and Ultimate editions) or a third-party alternative like Acronis True Image. After installing Windows and all current updates (including drivers), complete activation and then use the backup program to create a snapshot of the drive. If you ever need to reinstall, you can do so easily with that image, which won't require reactivation if it's restored to the original hardware.

3. If you're such a fanatic that you install Windows more than five times a year, get a TechNet Plus subscription. For $299, you get a one-year subscription that includes perpetual licenses for every version of Windows Vista (including Ultimate), Windows XP Professional, Microsoft Office, and a slew of server software and tools. The licenses aren't valid for business use, but you can install and use each product on up to 10 separate machines for evaluation purposes, and the licenses don't expire even if you choose not to renew your subscription after the first year.

I'll have more details from this new technical bulletin, including a rundown on the activation changes between XP and Vista.